Revision as of 15:44, 3 February 2012

Contents

Description

The LeapFrog Leapster Explorer and LeapPad Explorer both use the CBF file format for the kernel firmware and Surgeon. This is a rather basic format, that contains some summary information about the kernel, size, load address, etc. This information is all rather easy to obtain out of the file, with a hex editor. You can also extract the zImage or Image of the kernel if desired or use the python script in the LeapFrog Sources.

Programs

File Structure

There are three basic components of the CBF file, the summary, the kernel image, and padding. The Summary occupies the first 20 bytes of the file, which is followed by the summary CRC checksum. Directly after this starts the kernel image, which can vary in size depending on the options compiled in. It is then followed by the kernel image CRC checksum. This concludes the data portion, the file is then filled with 0xFF bytes until it is aligned to 16384 byte blocks of data.

Summary

Summary CRC

Kernel

Kernel CRC

Padding

[0:3]

[4:7]

[8:11]

[12:15]

[16:19]

[20:23]

[24:K end]

[K end+1:+4]

[..EOF]

Magic Number

CBF Version

Kernel Load

Kernel Jump

Kernel Size

CRC32 Checksum

Kernel Image

CRC32 Checksum

0xFF

File Differences

Device

File

kernel_load

kernel_jump

compressed

initramfs

Size Limit

LeapPad

Kernel.cbf

0x00100000

0x00100000

False

False

? Partition Limited

LeapPad

Surgeon.cbf

0x00008000

0x00008000

True

True

8MB Memory Limited

Explorer

Kernel.cbf

0x00008000

0x00008000

True

False

8MB Partition Limited

Explorer

Surgeon.cbf

0x00008000

0x00008000

True

True

8MB Memory Limited

make_cbf.py

Version 1

This version uses a compressed kernel (zImage) and it's kernel_boot and kernel_load addresses are 0x8000. This script, referenced in the latest make_surgeon.cbf as make_compressed_cbf.py (assuming, as its not in the sources) is used on the Explorer Surgeon and Kernel as well as the LeapPad Surgeon.

Version 2

This version uses an uncompressed kernel (Image) and it's kernel_boot and kernel_load addresses are 0x10000. The only CBF file this seems to be used on is the LeapPad kernel.

Usage

The script graps the zImage or Image file, depending on version from <kernel>/arch/arm/boot/[Image|zImage] and wraps iy with the CBF information, they use their own CRC routine in calculating the checksum. There is three options, of which only two look valid. -c deletes a previous kernel.cbf file, and -o specifies the output files name (default, kernel.cbf).